REQ.037 Parameters without sensitive data

This document contains the details of the security requirements related to the definition and management of files in the organization. This requirement establishes the importance of discarding potentially harmful data received through parameters in order to avoid code injection and data leakage.

Requirement

System must not allow parameter inclusion
in directory names or file paths.

Description

A system must not allow the inclusion of directory names
or file paths in its parameters.
By tampering with the fields associated with these parameters,
an attacker may access those paths
and compromise sensitive information.

Implementation

All data inputs must be assumed to be malicious.
Therefore, the white list method must be used:
only input that strictly complies with the specifications
is accepted, and anything else
is either rejected
or modified so that it meets the specifications.
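As an added example (not part of the requirement text), the following Python validator applies the white-list rule above to a file-name parameter: only a bare file name matching a strict pattern is accepted, and the resolved path is then checked to remain inside an assumed base directory. BASE_DIR, the name pattern and the allowed extensions are constructed for the example.

```python
import re
from pathlib import Path
from typing import Optional

# Constructed base directory for the example; in a real system this is
# the only directory the application is allowed to serve files from.
BASE_DIR = Path("/srv/app/reports").resolve()

# White list: a bare file name made of letters, digits, '-' and '_'
# followed by a single '.txt' or '.pdf' extension. A separator, '..',
# or any other character fails the pattern and is rejected outright.
ALLOWED_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}\.(txt|pdf)$")


def validate_file_param(param: str) -> Optional[str]:
    """Return the white-listed file name, or None when the parameter
    must be rejected (directory names, paths, traversal, NUL bytes)."""
    if not isinstance(param, str) or "\x00" in param:
        return None
    if not ALLOWED_NAME.fullmatch(param):
        return None
    return param


def resolve_in_base(param: str) -> Optional[Path]:
    """Map a validated parameter to an absolute path and confirm that
    the result still lies inside BASE_DIR (defence in depth: even if
    the white list were later loosened, the path could not escape)."""
    name = validate_file_param(param)
    if name is None:
        return None
    candidate = (BASE_DIR / name).resolve()
    if not candidate.is_relative_to(BASE_DIR):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample parameters: one acceptable, the rest rejected.
    for sample in ["q1-report.txt", "../../etc/passwd",
                   "reports/q1.txt", "q1.txt\x00.pdf"]:
        print(repr(sample), "->", resolve_in_base(sample))
```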

Attacks

An attacker may create or overwrite critical files
used to execute code, such as programs or libraries.
If the target file is used as a security mechanism,
then the attacker may bypass that mechanism,
for example, by adding a new account at the end of a password file
to bypass the authentication process.

An attacker may read the content of unexpected files
and expose sensitive information.
If the target file is used as a security mechanism,
then the attacker may bypass that mechanism.
For example, by reading a password file
the attacker may perform a brute-force attack
to obtain the users' credentials.

The attacker may overwrite, delete or corrupt critical files
such as programs, libraries, or files holding sensitive information.
This may lead to a system malfunction,
and if the system has authentication mechanisms,
the attacker may block access to the system for all users.